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Amendments to the Claims : 

This listing of claims will replace all prior versions, and listings, of claims in 
the application: 
Listing of Claims : 

Claims 1-19. (canceled). 

20. (currently amended) A method for protecting the processing of sensitive 
information in a security module having a monolithic structure comprising at least an 
information processing device, a storage device for storing information capable of 
being processed by said processing device and at least a data bus, the security module 
further comprising means for checking the integrity of information, said means for 
checking the integrity being either a table contained in the processing device or a 
plurality of software program instructions of the storage device or a specific hardware 
circuit, the method comprising at least the following steps: 

selecting a piece of sensitive information stored in the storage device 
addressed by the processing means; 

determining, by the means for checking the integrity, a specific condition for 
establishing the integrity of said sensitive information to be transmitted on said data 
bus; 

transferring a datum of said sensitive information from the storage device to 
the processing device, on said data bus; 

verifying said datum transferred on said data bus, by said means for checking 
the integrity for verifying that said specific condition is satisfied; and 

disabling the processing of said sensitive information by the processing device 
if the specific condition is not satisfied,, 



2 



Appln. No. 09/763,868 Attorney Docket No. T2 146-906833 

wherein said datum of said sensitive information is an operation code datum 
read in the storage device, said operation code datum being recognized in said table 
contained in the processing device, said specific condition being satisfied if said 
operation code datum is equal to a valid operation code datum of the table and said 
specific condition is not satisfied at least if bits of the operation code datum are all 
equal to a same binary value . 

Claims 21-25. (canceled) 

26. (previously presented) The method according to claim 20, wherein the 
disabling of the processing of said sensitive information comprises the disabling of 
the processing device performed by executing a microprogrammed instruction. 

27. (previously presented) The method according to claim 26, wherein said 
microprogrammed instruction induces the following steps: 

- writing a piece of disable data into a non volatile location of the storage 
device; and 

- disabling the processing device. 

28. (previously presented) The method according to claim 27, wherein said 
microprogrammed instruction further comprises the reading by the processing device 
at said non volatile location of the storage device upon power up of said module, 
before disabling the processing device if a value read at this location does not match. 

29. (currently amended) A security module comprising an electronic circuit 
having a monolithic structure and comprising an information processing device, an 
information storage device communicating with said processing device via a data bus, 
the processing device selecting sensitive information data extracted from the storage 

3 



Appln. No. 09/763,868 



Attorney Docket No. T2 146-906833 



device in order to process them, the security module further comprising means for 
checking the integrity of information being either a table contained in the processing 
device or a plurality of software program instructions of the storage device or a 
specific hardware circuit, wherein said means for checking the integrity verifies a 
specific condition for integrity by verifying a datum of said sensitive information, 
transferred on the data bus. the security module further comprising means for 
disabling the processing of said sensitive information by the processing device when 
said specific condition for integrity is not satisfied, 

wherein the datum transferred on the data bus is an operation code datum 
executed by the processing device corresponding to an instruction extracted from said 
table, the table comprising at least a forbidden instruction, and 

wherein said specific condition for integrity is not satisfied when said 
processing device processes said forbidden instruction . 

30. (canceled) 

31. (currently amended) The security module according to claim 30 29, 
wherein at least instructions of said table corresponding to operation code datum 
constituted by bits all equal to a same binary value are forbidden instructions of said 
table. 

32. (canceled) 

33. (previously presented) The security module according to claim 29, 
wherein said means for disabling the processing of said sensitive information 
comprises means for irreversibly writing at least one indicator with an initial valid * 
state in a non reversible modified invalid state, and means for reading said indicator 
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during the next power-up of the module and disabling the processing device if an 
invalid state of said indicator is read. 

Claims 34-36. (canceled) 

37. (previously presented) The security module according to claim 33, 
wherein said irreversibly writing of said indicator is performed by executing a 
microprogrammed instruction. 

38. (previously presented) The security module according to claim 29, 
wherein said security module is a microcircuit card. 

Claims 39-41. (canceled) 

42. (previously presented) The method according to claim 20, wherein when 
determining of a specific condition for the integrity of said information, at least two 
software instructions of the storage means are executed by processing means for 
determining said specific condition. 

43. (previously presented) The method according to claim 20, wherein when 
determining of a specific condition for the integrity of said information, the means for 
checking integrity of information comprises a specific hardware circuit for checking 
integrity of information in entry of the data bus and at output of the data bus. 

44. (previously presented) The security module according to claim 29, 
wherein the means for checking the integrity comprises at least two software 
instructions executed by the processing means for verifying said specific condition for 
integrity. 
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45. (previously presented) The security module according to claim 29, 
wherein the means for checking the integrity comprise a specific hardware circuit for 
checking integrity of information in entry of the data bus and at output of the data bus 
for verifying said specific condition for integrity. 

46. (new) A method for protecting the processing of sensitive information in 
a security module having a monolithic structure comprising at least an information 
processing device a storage device for storing information capable of being processed 
by said processing device and at least a data bus, the security module further 
comprising means for checking the integrity of information, said means for checking 
the integrity being either a table contained in the processing device or a plurality of 
software program instructions of the storage device or a specific hardware circuit, the 
method comprising at least the following steps: 

selecting a piece of sensitive information stored in the storage device 
addressed by the processing means; 

determining, by the means for checking the integrity, a specific condition for 
establishing the integrity of said sensitive information to be transmitted on said data 
bus; 

transferring a datum of said sensitive information from the storage device to 
the processing device, on said data bus; 

verifying said datum transferred on said data bus, by said means for checking 
the integrity for verifying that said specific condition is satisfied; and 

disabling the processing of said sensitive information by the processing device 
if the specific condition is not satisfied, 
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wherein said means for checking the integrity comprises a first and a second 
logic operator disposed in an entry and an output of the data bus, respectively, and 
producing a first and a second result, respectively, the means for checking the 
integrity further comprising a logic comparator for comparing said first and second 
result, and for verifying said specific condition for the integrity by checking an 
equality between said first and second results. 

47. (new) The method according to claim 46, wherein said first and second 
logic operators are parity generators each having two logic opposite outputs and one 
logic selection input that determines which of said two logic opposite outputs is input 
in the comparator. 

48. (new) The method according to claim 47, wherein said logic selection 
input of the comparators is set to a calculation data whose value varies as a function 
of time. 

49. (new) The method according to claim 47, wherein said logic selection 
input of both comparators is set to a calculation data whose value varies randomly. 

50. (new) A security module comprising an electronic circuit having a 
monolithic structure and comprising an information processing device, an information 
storage device communicating with said processing device via a data bus, the 
processing device selecting sensitive information data extracted from the storage 
device in order to process them, the security module further comprising means for 
checking the integrity of information being either a table contained in the processing 
device or a plurality of software program instructions of the storage device or a 
specific hardware circuit, wherein said means for checking the integrity verifies a 
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specific condition for integrity by verifying a datum of said sensitive information, 
transferred on the data bus, the security module further comprising means for 
disabling the processing of said sensitive information by the processing device when 
said specific condition for integrity is not satisfied, 

wherein said means for checking the integrity of information comprises a first 
and a second parity generator respectively disposed in an entry and an output of the 
data bus, and a comparator whose inputs are connected to outputs of said first and 
second parity generators to verify said specific condition for integrity when said first 
and second parity generators produce identical outputs, and to set an output of said 
comparator linked to an interrupt input of the processing device. 

51. (new) The security module according to claim 50, wherein said outputs 
of said first and second parity generators are set opposite according to a function of 
time. 

52. (new) The security module according to claim 50, wherein said outputs of 
said first and second parity generators are set opposite randomly. 
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